Will Barack Obama order a major cyber-reprisal against Russia for
election hacks before he leaves office? A CNN report suggests the
response will be a softball.

Photo by Carsten Koall/Getty Images

Updated 2:20pm ET (7:20pm UK): The
Obama administration has announced sanctions against Russia, including
the ejection of 35 Russian intelligence operatives from the US, and
legal and financial sanctions against Russia's GRU and FSB intelligence
services and top military officers. More details will follow in a
separate story.

Original story

According to a CNN report,
officials within the Obama administration have said that retaliatory
measures against Russia for interference in the US election will happen
very soon—perhaps as early as today. But the response is expected to be
"proportional" and include diplomatic measures and sanctions. It's not
clear whether there will be any sort of response in kind against the
Russian leadership's computer systems and data.

A proportional response, however, likely won't
do anything to deter future efforts to use hacking and information
campaigns to affect US politics or other aspects of government. That's
according to Dave Aitel, the founder of the security firm Immunity and a
former NSA research scientist. In a recent interview with Ars, Aitel
said he believed that the US would take some sort of retaliatory action
in the final weeks of Obama's presidency. "We're in a unique position
where [President Barack] Obama can lay a haymaker down," he said, "and
then Trump has to stand up. And Obama has nothing to restrain him."

Aitel predicted that the US response "will be
big enough that it intimidates a nation-state. It's like we are the only
nuclear power." And he said the US response needs to be substantial,
because the methods used to hack the DNC and John Podesta and the
related information operations used to disrupt the campaign of Hillary
Clinton are within the skill set of a team of penetration testers or
anyone else with a moderate amount of technical skill.

"Anybody could have done this," Aitel said.
"That's the more concerning factor—it's less about what Russia did and
more about, have we built a fragile democracy?" The US' judicial system,
he noted, is particularly vulnerable as well. "Someone could start
messing with court cases very easily. It could be a billion-dollar
problem."

Go big or go... nowhere?

Launching the sort of "big" response Aitel
advocates for, however, would require acting in a way that doesn't
escalate beyond the digital. As Aitel himself pointed out, "Our [the
US'] specialty is the hard stuff"—things like Stuxnet. But much of what
the US could do—or the National Security Agency, in particular—is in the
realm of the cyber-physical, as in disabling infrastructure—actions
that could be seen as too drastic or as an act of war.

Early leaks from the Obama administration
claim the CIA was planning some sort of "covert" operation against
Russia (though not terribly covert, as information on the planned
operation was given to NBC News). It now seems like those operations
have either been sidelined or have failed outright. So President Obama's
options at this point may be extremely limited.

The measures that CNN reports are in the works
are expected to include naming individuals involved in information
operations, including the hacking and leaking of the e-mails of the
Democratic National Committee and Hillary Clinton presidential campaign
chairman John Podesta—the same sort of "name and shame" approach the US
took with China over hacking by members of the People's Liberation Army.
The US response will not likely include indictments, but direct
financial sanctions may be involved.

The reports of the White House plan drew a
response yesterday from Russia's Foreign Ministry. Foreign Ministry
Spokesperson Maria Zakharova said, "The outgoing US administration has
not given up on its hope of dealing one last blow to relations with
Russia, which it has already destroyed. Using obviously inspired leaks
in the US media, it is trying to threaten us again with expansion of
anti-Russian sanctions, 'diplomatic' measures, and even subversion of
our computer systems."

Zakharova claimed that the Department of
Homeland Security's alleged port scan of the systems of the Georgia
secretary of state were evidence of a "White House-orchestrated
provocation" trying to shift blame to Russia. She added, "We can only
add that if Washington takes new hostile steps, it will receive an
answer. This applies to any actions against Russian diplomatic missions
in the United States, which will immediately backfire at US diplomats in
Russia."